[CLUG-tech] Freebsd - Execute as Root

Hendrik Visage hvjunk at gmail.com
Thu Feb 9 13:54:53 SAST 2006


On 2/9/06, Jonathan Hitchcock <vhata-clug at rucus.ru.ac.za> wrote:
> Hendrik Visage wrote:
> >> Scripts can't be suid, because they're interpreted
> >
> > BEEEPPP!!!! Wrong :)
>
> No, I was right.

On Linux yes I'll agree.

On Solaris at least you have SUID scripts.

> A script is just a text file that is given as input to
> an interpreter.  There may be interpreters that examine their input
> files, detect that they have the suid bit set, and run them with root
> privileges if they do.  But these interpreters will also have to be
> suid, obviously.

No. Go check fs/exec.c and friends. It's about setting the SUID of the
*process* that get's dropped by Linux "becuase they feel it's
insecure"... rather, the view is that Linux don't (can't??) do secure
scripts. There are a patch available for secure suid scripts on Linux,
but, but but... sounds like cdrecord and the Linux kernel :(

>  Therefore, the suidness is in the interpreter, not in
> the script.

Different issue Solaris and frineds didn't have SUID shells, but they
do allow the exceution of SUID shell scripts.

> is the thing that actually runs.  I am running it as 'rodney', not as
> 'root'.  How am I suddenly going to get root priveleges, when I'm just
> plain old rodney?

Simple, the kernel sets the flags as it execs the process. ditto for
*any* other setuid program, the linux issue is it drops the
privilegdes
as it sees a #! :(


--
Hendrik Visage


More information about the Clug-tech mailing list